
{"id":2452,"date":"2013-05-21T00:00:00","date_gmt":"2013-05-21T00:00:00","guid":{"rendered":"http:\/\/otava.test\/hipaa-security-checklist-for-healthcare-organizations\/"},"modified":"2013-05-21T00:00:00","modified_gmt":"2013-05-21T00:00:00","slug":"hipaa-security-checklist-for-healthcare-organizations","status":"publish","type":"post","link":"https:\/\/www.otava.com\/blog\/hipaa-security-checklist-for-healthcare-organizations\/","title":{"rendered":"HIPAA Security Checklist for Healthcare Organizations"},"content":{"rendered":"<p id=\"docs-internal-guid-70418e96-c76e-39ba-7348-1fb0eb7c81b9\" dir=\"ltr\">According to HITRUSTAlliance.net\u2019s report on U.S. healthcare data breaches affecting 500 or more individuals, <em>A Look Back: U.S. Healthcare Data Breach Trends<\/em>, the leading cause of breaches involved theft (54 percent) and the leading sources of breached PHI (protected health information) were laptops (25 percent) and paper records (24 percent).<\/p>\n<p dir=\"ltr\">The most frequently stolen items included laptops, desktops and mobile media (USB drives, CDs\/DVDs, backup tapes). 
When it came to business associates, they accounted for 58 percent of the records breaches, and were implicated in 21 percent of the breach cases.<\/p>\n<figure id=\"attachment_11422\" aria-describedby=\"caption-attachment-11422\" style=\"width: 473px\" class=\"wp-caption alignright\"><a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/hipaa-security-checklist-for-healthcare-organizations\/business-associate-breaches\/\" rel=\"attachment wp-att-11422\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-11422 \" title=\"Business Associate Breaches; Source: HITRUSTAlliance.net\" src=\"https:\/\/otava.test\/wp-content\/uploads\/2019\/04\/Business-Associate-Breaches.png\" alt=\"Business Associate Breaches; Source: HITRUSTAlliance.net\" width=\"473\" height=\"114\" \/><\/a><figcaption id=\"caption-attachment-11422\" class=\"wp-caption-text\">Business Associate Breaches; Source: HITRUSTAlliance.net<\/figcaption><\/figure>\n<p dir=\"ltr\">With numbers like these, physician practices and health system CIOs should be aware of the possible areas of IT risk in order to secure PHI (according to HITRUST) &#8211; for each of the following areas, I\u2019ve provided resource links and tips:<\/p>\n<p><strong>Information Security Policies and Procedures<\/strong><br \/>\nEstablishing a set of standards that are custom to your organization can help guide user behavior toward more secure practices. 
Policies are necessary to abide by the <a href=\"https:\/\/www.onlinetech.com\/compliant-hosting\/hipaa-compliant-hosting\/resources\/hipaa-glossary-of-terms#Security%20Rule\">HIPAA Security Rule<\/a>\u2019s Organizational, Policies and Procedures and Documentation Requirements standard 164.316(a) for covered entities:<\/p>\n<blockquote>\n<p dir=\"ltr\">Implement reasonable and appropriate policies and procedures to comply with the standards, implementation specifications, or other requirements of this subpart, taking into account those factors specified in \u00a7 164.306(b)(2)(i), (ii), (iii), and (iv) [the Security Standards: General Rules, Flexibility of Approach].<\/p>\n<\/blockquote>\n<p dir=\"ltr\">Security policies should address password management, PHI storage\/use, encryption, PHI exchange procedures, privacy filters, etc. For a list of example HIPAA resources, including policies, procedures and training materials from a variety of established medical centers and university health systems, visit <em><a href=\"https:\/\/otavawebsite.wpengine.com\/reference\/hipaa-resources-policies-procedures-and-training-materials\/\">HIPAA Resources: Policies, Procedures and Training Materials<\/a>.<\/em><\/p>\n<p><strong>Endpoint\/Mobile Security<\/strong><br \/>\nThis involves protecting networks when connecting remotely via any number of devices, including laptops, desktops, servers, phones and tablets. Connecting remotely via a VPN (Virtual Private Network) that requires <a href=\"https:\/\/otavawebsite.wpengine.com\/solutions\/cloud-security\/\">two-factor authentication<\/a> (username\/password, and a secondary form of authentication, typically via a cell phone call or text) may provide more assurance against the risk of unauthorized access to sensitive healthcare data. 
Other security services like firewalls, <a href=\"https:\/\/otavawebsite.wpengine.com\/solutions\/cloud-security\/\">antivirus<\/a> and <a href=\"https:\/\/otavawebsite.wpengine.com\/solutions\/cloud-security\/\">patch management<\/a> may also help secure endpoints.<\/p>\n<p dir=\"ltr\">Learn more about two-factor authentication in our upcoming webinar, <em><a href=\"https:\/\/www.onlinetech.com\/events\/the-affordable-way-to-maintain-security-and-compliance-with-two-factor-authentication\">The Affordable Way to Maintain Security and Compliance with Two-Factor Authentication<\/a><\/em>, June 4 @2PM ET, or check back afterward for a recording of the presentation.<\/p>\n<p dir=\"ltr\">The BYOD (Bring Your Own Device) movement in the healthcare industry calls for a mobile security policy. Read our <a href=\"https:\/\/otavawebsite.wpengine.com\/about\/resources\/\">Mobile Security white paper<\/a> on how to keep devices and mobile apps secure, as well as a BYOD case study of a mobile security architecture designed and implemented successfully within a hospital environment.<\/p>\n<p dir=\"ltr\">Encrypting devices, email and other healthcare data is another industry best practice and an addressable implementation specification under the HIPAA technical safeguards\u2019 access control standard:<\/p>\n<blockquote>\n<p dir=\"ltr\">\u201cA covered entity must, in accordance with \u00a7164.306\u2026 Implement a mechanism to encrypt and decrypt electronic protected health information.\u201d (45 CFR \u00a7 164.312(a)(2)(iv))<\/p>\n<\/blockquote>\n<p dir=\"ltr\">Join our upcoming webinar <em><a href=\"https:\/\/otavawebsite.wpengine.com\/about\/events\/\">Encryption &#8211; Perspective on Privacy, Security &amp; Compliance<\/a><\/em> to learn more, or read about <em><a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/encrypting-data-to-meet-hipaa-compliance\/\">Encrypting Data to Meet HIPAA Compliance<\/a>.<\/em><\/p>\n<p><strong>Network Security<\/strong><br \/>\nSensitive IT infrastructure including <a 
href=\"https:\/\/otavawebsite.wpengine.com\/solutions\/cloud\/private-cloud\/\">managed servers<\/a>, <a href=\"https:\/\/otavawebsite.wpengine.com\/solutions\/cloud\/\">cloud<\/a>, power and networks should be protected by restricted access, and routers, switches and devices should meet HIPAA compliance requirements to protect ePHI (electronic protected health information) found on networks. Firewalls and Intrusion Detection Services can work to identify security breaches and notify you or your hosting provider to take action.<\/p>\n<p><strong>Staff Training and Security Awareness<\/strong><br \/>\nHIPAA security awareness and training is another administrative safeguard required by the HIPAA Security Rule &#8211; not only is a <a href=\"https:\/\/otavawebsite.wpengine.com\/solutions\/cloud-security\/\">staff training<\/a> program required, but periodic retraining is necessary whenever new policies or procedures, significant software or hardware upgrades, new security technology, etc. are implemented within an organization.<\/p>\n<p dir=\"ltr\"><a href=\"https:\/\/otavawebsite.wpengine.com\/solutions\/cloud-security\/\">Business associate training<\/a> is also important, as business associates were implicated in 21 percent of HIPAA breach cases, as mentioned earlier. Check that your vendors have a delegated security and risk officer, and that training is updated\/established for new employees.<\/p>\n<p><strong>Breach Response<\/strong><br \/>\nThe HIPAA breach notification rule dictates that covered entities must notify affected individuals, the media and HHS (if the breach affects more than 500 residents of a state) of a data breach no later than 60 days after discovery. 
Business associates are also required to notify covered entities no later than 60 days.<\/p>\n<p dir=\"ltr\">As a healthcare CIO, check your vendor contracts, or business associate agreement (BAA) for terms on their roles and responsibilities when it comes to breach notification policy to ensure you\u2019re on the same page, and you can gather the documents and information you need to accurately report to the OCR. To find out what the recent HIPAA omnibus rule dictates for BAAs, read <em><a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/final-hipaa-omnibus-rule-business-associate-agreements-and-how-to-be-hipaa-compliant\/\">Final HIPAA Omnibus Rule: Business Associate Agreements &amp; Roadmap to Compliance<\/a>.<\/em><\/p>\n<p dir=\"ltr\">For a list of information that the OCR requests shortly after a self-reported HIPAA breach, including documentation, risk assessments, policies and procedures and more, read <em><a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/ocr-audit-requirements-following-a-self-reported-hipaa-breach\/\">OCR Audit Requirements Following a Self-Reported HIPAA Breach<\/a>.<\/em><\/p>\n<p><strong>Third-Party Assurance<\/strong><br \/>\nYour third-parties may be your business associates now that the final omnibus rule has widened the scope of who may be audited and fined for not meeting HIPAA compliance. Think it\u2019s not your problem? 
Think again &#8211; the new rule document states that the \u201cproposed changes would make covered entities and business associates liable under \u00a7 160.402(c) for the acts of their business associate agents, in accordance with the Federal common law of agency, regardless of whether the covered entity has a compliant business associate agreement in place.\u201d<\/p>\n<p dir=\"ltr\">As I initially wrote about in <em><a href=\"https:\/\/otavawebsite.wpengine.com\/blog\/how-the-final-omnibus-rule-affects-hipaa-cloud-computing-providers\/\">How the Final Omnibus Rule Affects HIPAA Cloud Computing Providers<\/a><\/em>, <a href=\"https:\/\/otavawebsite.wpengine.com\/solutions\/cloud\/\">cloud service providers<\/a> and <a href=\"https:\/\/otavawebsite.wpengine.com\/compliance-security\/hipaa-compliant-cloud\/\">HIPAA hosting<\/a> providers now fall under the definition of a business associate. Covered entities can verify that their third parties meet HIPAA by reviewing independent audit reports that measure those providers\u2019 security standards and practices against the <a href=\"https:\/\/www.onlinetech.com\/compliant-hosting\/hipaa-compliant-hosting\/resources\/hipaa-glossary-of-terms#OCRprotocol\">OCR HIPAA Audit Protocol<\/a>. Anything less than fully compliant is a risk your organization can\u2019t afford to take.<\/p>\n<p dir=\"ltr\"><strong>Access Control<\/strong><br \/>\nA HIPAA standard that helps meet technical safeguards, access control refers to restricting PHI system access to only authorized persons or software. 
The specifications include:<\/p>\n<ol>\n<li><strong>Unique User ID<\/strong> &#8211; Just as it sounds, assign a unique username or code to track users.<\/li>\n<li><strong>Emergency Access Procedure<\/strong> &#8211; Establish, within your documented policies and procedures, a process that allows access to ePHI as needed in an emergency.<\/li>\n<li><strong>Automatic Logoff<\/strong> &#8211; Establish a way to terminate electronic sessions after a predetermined time of inactivity.<\/li>\n<li><strong>Encryption\/Decryption<\/strong> &#8211; See Endpoint\/Mobile Security.<\/li>\n<\/ol>\n<p><strong>Physical Security<\/strong><br \/>\nThe HIPAA Security Standards for <a href=\"https:\/\/otavawebsite.wpengine.com\/solutions\/cloud-security\/\">physical safeguards<\/a>, specifically facility access controls, require the implementation of:<\/p>\n<blockquote>\n<p dir=\"ltr\">&#8230;policies and procedures to limit physical access to its electronic information systems and the facility or facilities in which they are housed, while ensuring that properly authorized access is allowed.<\/p>\n<\/blockquote>\n<p dir=\"ltr\">Restricting physical access to servers should be on your IT security checklist &#8211; only authorized personnel should have building access to where your data is stored or processed, and dual-factor authentication using badges and biometrics (fingerprint recognition) can assist in tighter access control. 
Environmental controls can also be managed with surveillance, monitoring and alarm systems, as well as policies for visitors.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft\" title=\"HIPAA Compliant Hosting White Paper\" src=\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/download-hipaa.png\" alt=\"HIPAA Compliant Hosting White Paper\" width=\"221\" height=\"100\" \/>For more on using the cloud and secure hosting for HIPAA compliant solutions, read our <a href=\"https:\/\/www.onlinetech.com\/resources\/white-papers\/hipaa-compliant-data-centers\">HIPAA Compliant Hosting white paper<\/a>. Questions to ask your HIPAA hosting provider, data center standards cheat sheet and a diagram of the <a href=\"https:\/\/www.onlinetech.com\/secure-hosting\/technical-security\">technical<\/a>, <a href=\"https:\/\/otavawebsite.wpengine.com\/solutions\/cloud-security\/\">physical<\/a> and <a href=\"https:\/\/otavawebsite.wpengine.com\/solutions\/cloud-security\/\">administrative security<\/a> components of a HIPAA hosting solution (including HIPAA compliant clouds) are included.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignright\" title=\"Mobile Security White Paper\" src=\"https:\/\/www.otava.com\/wp-content\/uploads\/2019\/04\/download-mobile.png\" alt=\"Mobile Security White Paper\" width=\"220\" height=\"99\" \/>Or read our <a href=\"https:\/\/otavawebsite.wpengine.com\/about\/resources\/\">Mobile Security white paper<\/a> for how to secure electronic protected health information (ePHI) while using mobile devices in the workplace, ideal for any healthcare organization interested in implementing a secure BYOD (Bring Your Own Device) environment.<\/p>\n<p>Still have questions? 
<a href=\"https:\/\/otavawebsite.wpengine.com\/contact\/\">Contact<\/a> us or <a href=\"https:\/\/hostedusa6.whoson.com\/chat\/chatstart.htm?domain=www.onlinetech.com\">chat<\/a> now.<\/p>\n<p>References:<br \/>\n<a href=\"https:\/\/www.hitrustalliance.net\/breachreport\/HITRUST%20Report%20-%20U.S.%20Healthcare%20Data%20Breach%20Trends.pdf\">A Look Back: U.S. Healthcare Data Breach Trends<\/a> (PDF)<br \/>\n<a href=\"https:\/\/www.hhs.gov\/ocr\/privacy\/hipaa\/administrative\/securityrule\/physsafeguards.pdf\">HIPAA Security Standards: Physical Safeguards<\/a> (PDF)<br \/>\n<a href=\"https:\/\/www.hhs.gov\/ocr\/privacy\/hipaa\/administrative\/breachnotificationrule\/\">Breach Notification Rule<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>According to HITRUSTAlliance.net\u2019s report on U.S. healthcare data breaches affecting 500 or more individuals, A Look Back: U.S. Healthcare Data Breach Trends, the leading cause of breaches involved theft (54 percent) and the leading sources of breached PHI (protected health information) were laptops (25 percent) and paper records (24 percent). The most frequently stolen items included laptops, desktops and mobile media (USB drives, CDs\/DVDs, backup tapes). When it came to business associates, they accounted for 58 percent of the records breaches, and were implicated in 21 percent of the breach cases. With numbers like these, physician practices and health system CIOs should be aware of the possible areas of IT risk in order to secure PHI (according to HITRUST) &#8211; for each of the following areas, I\u2019ve provided resource links and tips: Information Security Policies and Procedures Establishing a set of standards that are custom to your organization can help guide user behavior toward more secure practices. 
Policies are necessary to abide by the HIPAA Security Rule\u2019s Organizational, Policies and Procedures and Documentation Requirements standard 164.316(a) for covered entities: Implement reasonable and appropriate policies and procedures to comply with the standards, implementation specifications, or other requirements of this subpart, taking&#8230;<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"other_category":[],"class_list":["post-2452","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>HIPAA Security Checklist for Healthcare Organizations | OTAVA<\/title>\n<meta name=\"description\" content=\"Establishing a set of standards that are custom to your organization can help guide user behavior toward more secure practices.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.otava.com\/blog\/hipaa-security-checklist-for-healthcare-organizations\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"HIPAA Security Checklist for Healthcare Organizations\" \/>\n<meta property=\"og:description\" content=\"Establishing a set of standards that are custom to your organization can help guide user behavior toward more secure practices.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.otava.com\/blog\/hipaa-security-checklist-for-healthcare-organizations\/\" \/>\n<meta property=\"og:site_name\" content=\"OTAVA\" \/>\n<meta property=\"article:published_time\" 
content=\"2013-05-21T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/otava.test\/wp-content\/uploads\/2019\/04\/Business-Associate-Breaches.png\" \/>\n<meta name=\"author\" content=\"Irma Brillantes\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Irma Brillantes\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.otava.com\/blog\/hipaa-security-checklist-for-healthcare-organizations\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/blog\/hipaa-security-checklist-for-healthcare-organizations\/\"},\"author\":{\"name\":\"Irma Brillantes\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\"},\"headline\":\"HIPAA Security Checklist for Healthcare 
Organizations\",\"datePublished\":\"2013-05-21T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/hipaa-security-checklist-for-healthcare-organizations\/\"},\"wordCount\":1312,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/blog\/hipaa-security-checklist-for-healthcare-organizations\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/otava.test\/wp-content\/uploads\/2019\/04\/Business-Associate-Breaches.png\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.otava.com\/blog\/hipaa-security-checklist-for-healthcare-organizations\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.otava.com\/blog\/hipaa-security-checklist-for-healthcare-organizations\/\",\"url\":\"https:\/\/www.otava.com\/blog\/hipaa-security-checklist-for-healthcare-organizations\/\",\"name\":\"HIPAA Security Checklist for Healthcare Organizations | OTAVA\",\"isPartOf\":{\"@id\":\"https:\/\/www.otava.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.otava.com\/blog\/hipaa-security-checklist-for-healthcare-organizations\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/blog\/hipaa-security-checklist-for-healthcare-organizations\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/otava.test\/wp-content\/uploads\/2019\/04\/Business-Associate-Breaches.png\",\"datePublished\":\"2013-05-21T00:00:00+00:00\",\"description\":\"Establishing a set of standards that are custom to your organization can help guide user behavior toward more secure 
practices.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.otava.com\/blog\/hipaa-security-checklist-for-healthcare-organizations\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.otava.com\/blog\/hipaa-security-checklist-for-healthcare-organizations\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/blog\/hipaa-security-checklist-for-healthcare-organizations\/#primaryimage\",\"url\":\"https:\/\/otava.test\/wp-content\/uploads\/2019\/04\/Business-Associate-Breaches.png\",\"contentUrl\":\"https:\/\/otava.test\/wp-content\/uploads\/2019\/04\/Business-Associate-Breaches.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.otava.com\/blog\/hipaa-security-checklist-for-healthcare-organizations\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.otava.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"HIPAA Security Checklist for Healthcare 
Organizations\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.otava.com\/#website\",\"url\":\"https:\/\/www.otava.com\/\",\"name\":\"OTAVA\u00ae\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.otava.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.otava.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.otava.com\/#organization\",\"name\":\"OTAVA\u00ae\",\"url\":\"https:\/\/www.otava.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"contentUrl\":\"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg\",\"caption\":\"OTAVA\u00ae\"},\"image\":{\"@id\":\"https:\/\/www.otava.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263\",\"name\":\"Irma Brillantes\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g\",\"caption\":\"Irma Brillantes\"},\"url\":\"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. 
-->"}